Posts posted by Kaphotics

  1. Please explain how you did this. Also, I don't have a PowerSaves; is there any way I can decrypt a Gateway sav that's been extracted from the ROM? All the ways I have seen use PowerSaves. Thanks.

    He did it on a retail cart on current firmware.

    Not helpful at all if you don't care about giving instructions to learn from for the rest of us.

    He's already given you instructions to decrypt the entire first save block... plus, proof of concept is better than nothing. I don't blame him for not wanting to share; he doesn't want to be the one who opens the floodgates.

  2. 4/13/14 - New Update

    • Added: Quicksave DragOut Indicators and Tooltips (Hover over the left side corners)
    • Added: Control+Click a Pokemon slot to quick-load the data.
    • Added: Shift+Click a Pokemon slot to quick-set the data.
    • Added: SAV Tab (contents of old Tools Tab)
    • Added: Tools Tab - Export PGL JPEG, List Passerby, List Hall of Fame Entries
    • Added: Remaining Moves, Abilities, and Items
    • Added: Verbose printout of Wonder cards.
    • Changed: Resizable Pokepuff/Inventory windows for better display.
    • Changed: Trainer Info Editing has more options.
    • Changed: PID and EK fields now display Hex instead of decimal (and autofill to 8 characters). Editing is discouraged (legality's sake).
    • Removed: Visibility of Unused Ribbon Bits
    • Removed: Visibility of Characteristic. Might be a new correlation, so more research is needed.

    Let me know if there are still any issues, x66x66. I have the program set to hide the SAV editing interface until a SAV is loaded, which requires me to resize the window on form load. I added some autoscale detection; idk if it works.

  3. 0x9C - 0x10009C should all be FF'd out, the only thing unchanged is the 0x00-0x9C header (which will be fixed by the program).

    In the end, make sure your file is 0x10009C bytes long -- ctrl+A to select everything in HxD, length is at the bottom.

    Can't really tell what is wrong with just the error messages...

  4. 04/09/14 - New Update

    • Fixed: EK6 encryption should no longer save undecryptable files.
    • Moved: Dragouts moved to the left side.
    • Added: Save File Editing

    1. Box Editing
    2. Party/BattleBox/Daycare/GTS/Fused/Extra Viewing
    3. Pokepuff Editing
    4. Inventory Editing
    5. Trainer Info Editing
    6. Box Layout (Name/Background) editing
    7. Wondercard Adding/Exporting
    8. Berry Field Viewing (basic)

    • Added: Integrity Checking for Checksums and SHA256 Hashes of save files.
    • Added: Save file hash correction export to re-sign everything but the AES MAC (needs a hacked 3DS).
    • Added: Bypass for partially decrypted saves (exporting disabled).

    Saving (properly) is only available if you can dump your own XORpad and have a 100% decrypted save.

    DO NOT ASK "HOW DO I DECRYPT SAVE FILE".

    Methods to partially decrypt are in the X/Y Save File Research Thread.

  5. What would it take to reverse-engineer the signing key from the hardware? I'm assuming whatever it is isn't very feasible but I'm still curious. Would the (failed) chip decapping fundraiser have been of any help in this?

    You'd need the entire bootrom to see how the keys are initialized, so yeah. The AES key registers are write only, so once they're put in by the bootrom there's no reading them out.

  6. It's actually interesting to see that progress is coming along so well.. for the xorpads.. I've been thinking.. I know that people who have a digital copy get a new xorpad if they reset their save (or reset the game? Not really sure). What I wonder: as Datel seems to use modified 3DS, am I correct that they probably have figured how the xorpad works? Maybe there's only a limited amount of possible xorpad combinations.. I'd happily provide 2 savegames of X to help out identify the available xorpads. Or has anyone by now figured a system how the xorpad is being generated?

    There's way too many XORpads due to how the keyY and everything else is made. How the XORpad is created is already known (it uses keys which are currently unobtainable, so they just make the 3DS do it with cfw) - Read more at 3dbrew.

  7. To fix it just download & use the private versions instead.

    (KeySAV)

    (Mass Dumper)

    this problem only exists because I hid one textbox in the public version (not because my method was wrong :P)

    GameFreak doesn't properly clear out a slot if an egg is moved, which leaves "Egg"(language) & region data behind; that has to be removed in order to obtain a pure keystream. The only problem is, I didn't allow editing for the name of the egg!

    blank is short for blank egg; if the checksum compare of the decrypted Pokemon fails, the program XORs out the blank and XORs in the encrypted zeroes in attempt to "fix" the keystream. In your case, it fails because the "Name" in that slot wasn't "Egg" or "", it was your language specific one.

    (If you XOR a blank save & a heavily used sav, you can see these decrypted blankegg remnants: )

    [Image: v9wH8.jpg]

    it's required to remove them for a pure keystream :D

    So for when you use these two, just enter your language Egg name and dump your blank & keys; from then on, just use the private versions that are linked.
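
A simplified model of the keystream repair described in the post above, added here as an illustration (it is not KeySAV's code and not part of the original posts). The slot size, additive checksum, flag byte, record contents and names are constructed assumptions, and the real format's per-Pokemon encryption layer is omitted.

```python
import hashlib
import struct

SLOT = 32  # toy slot size (assumption; not the real save layout)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def checksum(body):
    return sum(body) & 0xFFFF  # toy 16-bit additive checksum

def make_slot(body):
    body = body.ljust(SLOT - 2, b"\0")
    return struct.pack("<H", checksum(body)) + body

def valid(slot):
    return struct.unpack("<H", slot[:2])[0] == checksum(slot[2:])

EMPTY = make_slot(b"")  # what a never-used slot holds in this toy model

def blank_egg(name):
    # Remnant left when an egg is moved out: a flag byte plus its name
    return make_slot(b"\x01" + name.encode("utf-16-le"))

def derive_keystream(cipher_slot, assumed_plain=EMPTY):
    # Known-plaintext recovery: keystream = ciphertext XOR assumed plaintext
    return xor(cipher_slot, assumed_plain)

def decrypt_with_repair(cipher, ks, egg_name="Egg"):
    plain = xor(cipher, ks)
    if valid(plain):
        return plain, "pure"
    # Checksum failed: assume the slot held a blank egg, swap the known plaintext
    fixed = xor(xor(ks, EMPTY), blank_egg(egg_name))
    plain = xor(cipher, fixed)
    return (plain, "repaired") if valid(plain) else (None, "failed")

def demo(remnant_name, guessed_name):
    ks_true = hashlib.sha256(b"constructed keystream").digest()  # 32 bytes
    dirty_slot = xor(blank_egg(remnant_name), ks_true)  # slot with a remnant
    ks_est = derive_keystream(dirty_slot)               # wrongly assumes EMPTY
    mon = make_slot(b"PIKACHU")                          # constructed record
    plain, status = decrypt_with_repair(xor(mon, ks_true), ks_est, guessed_name)
    return status, plain == mon

if __name__ == "__main__":
    print(demo("Egg", "Egg"))        # remnant matches the default guess
    print(demo("\u0152uf", "Egg"))   # constructed localized name: repair fails
    print(demo("\u0152uf", "\u0152uf"))  # user supplies the localized name
```

The checksum acts as the oracle that tells a pure keystream from a contaminated one, which is why the repair can only succeed when the guessed remnant matches byte for byte.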
